Skip to content

Common REST API v2

Marco Fargetta edited this page Dec 12, 2024 · 1 revision

API endpoints

Warning
This feature is still under development. The API might still change. Do not use it in production.

These endpoints are available in multiple subsystem application.

Path Method Parameters Return code App Mime Input

/<app>/v2/account/login

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt --cert ca_admin_cert.p12:Secret.123 \
    --cert-type P12 -c session_cookie  https://$HOSTNAME:8443/ca/v2/account/login
{
  "id" : "caadmin",
  "FullName" : "caadmin",
  "Email" : "[email protected]",
  "Roles" : [ "Administrators", "Certificate Manager Agents", "Enterprise CA Administrators", "Enterprise KRA Administrators", "Enterprise OCSP Administrators", "Enterprise RA Administrators", "Enterprise TKS Administrators", "Enterprise TPS Administrators", "Security Domain Administrators" ],
  "Attributes" : {
    "Attribute" : [ ]
  }
}

/<app>/v2/account/logout

GET

None

204

ca, kra, ocsp, tks, tps

No output expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/account/logout

/<app>/v2/admin/groups

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/admin/groups?size=3&filter=Admin"
{
  "total" : 8,
  "entries" : [ {
    "id" : "Administrators",
    "GroupID" : "Administrators",
    "Description" : "People who manage the Certificate System"
  }, {
    "id" : "Security Domain Administrators",
    "GroupID" : "Security Domain Administrators",
    "Description" : "People who are the Security Domain administrators"
  }, {
    "id" : "Enterprise CA Administrators",
    "GroupID" : "Enterprise CA Administrators",
    "Description" : "People who are the administrators for the security domain for CA"
  } ]
}

/<app>/v2/admin/groups

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A json of a single group with GroupID and Description

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"GroupID": "NewGroup", "Description":"This is a new group"}' \
    https://$HOSTNAME:8443/ca/v2/admin/groups
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}

/<app>/v2/admin/groups/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is a new group"
}

/<app>/v2/admin/groups/{id}

PATCH

None

200

ca, kra, ocsp, tks, tps

application/json

A group json with only the information to update

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"Description":"This is the new group"}' \
    -X PATCH https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup
{
  "id" : "NewGroup",
  "GroupID" : "NewGroup",
  "Description" : "This is the new group"
}

/<app>/v2/admin/groups/{id}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/newGroup

/<app>/v2/admin/groups/{id}/members

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/groups/Administrators/members
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "groupID" : "Administrators"
  } ]
}

/<app>/v2/admin/groups/{id}/members

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A json with id of the new member

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id": "caadmin"}' \
    https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}

/<app>/v2/admin/groups/{groupId}/members{memberId}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin
{
  "id" : "caadmin",
  "groupID" : "NewGroup"
}

/<app>/v2/admin/groups/{groupId}/members{memberId}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/groups/NewGroup/members/caadmin

/<app>/v2/admin/users

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie "https://$HOSTNAME:8443/ca/v2/admin/users?size=3&filter=Admin"
{
  "total" : 1,
  "entries" : [ {
    "id" : "caadmin",
    "UserID" : "caadmin",
    "FullName" : "caadmin"
  } ]
}

/<app>/v2/admin/users

POST

None

201

ca, kra, ocsp, tks, tps

application/json

A json for the user with UserID, FullName, Email, password, phone, type and state

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  --json '{"UserID": "newUser", "FullName":"New User"}' \
  https://$HOSTNAME:8443/ca/v2/admin/users
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}

/<app>/v2/admin/users/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
  https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "New User"
}

/<app>/v2/admin/users/{id}

PATCH

None

200

ca, kra, ocsp, tks, tps

application/json

A json with user information to update

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"FullName":"The New User"}' \
    -X PATCH https://$HOSTNAME:8443/ca/v2/admin/users/newUser
{
  "id" : "newUser",
  "UserID" : "newUser",
  "FullName" : "The New User"
}

/<app>/v2/admin/users/{id}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser

/<app>/v2/admin/users/{id}/certs

GET

size, start

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "total" : 1,
  "entries" : [ {
    "Version" : 2,
    "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
    "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
    "SubjectDN" : "UID=newUser",
    "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
  } ]
}

/<app>/v2/admin/users/{id}/certs

POST

None

201

ca, kra, ocsp, tks, tps

application/json

Json with certificate in pem format inside Encoded field

Example
$ curl --cacert ./ca_signing.crt -b session_cookie
    --json '{"Encoded":"-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n"}' \
   https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs
{
  "Version" : 2,
  "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n",
  "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
}

/<app>/v2/admin/users/{userId}/certs/{certId}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser
{
  "Version" : 2,
  "SerialNumber" : "0xa53c5f8e01bab930295a1c56134e2173",
  "IssuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "SubjectDN" : "UID=newUser",
  "PrettyPrint" : "    Certificate: \n        Data: \n            Version:  v3\n            Serial Number: 0xA53C5F8E01BAB930295A1C56134E2173\n            Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Issuer: CN=CA Signing Certificate, OU=pki-tomcat, O=EXAMPLE\n            Validity: \n                Not Before: Wednesday, October 30, 2024, 9:40:40?AM Coordinated Universal Time Etc/UTC\n                Not  After: Monday, April 28, 2025, 9:40:40?AM Coordinated Universal Time Etc/UTC\n            Subject: UID=newUser\n            Subject Public Key Info: \n                Algorithm: RSA - 1.2.840.113549.1.1.1\n                Public Key: \n                    Exponent: 65537\n                    Public Key Modulus: (2048 bits) :\n                        BE:79:34:02:6D:DA:45:97:AF:74:FA:8B:B4:38:78:1A:\n                        4B:A4:67:CF:52:AC:20:58:AB:3F:F2:5B:22:03:74:49:\n                        D3:1E:D2:54:77:22:70:6F:08:0B:90:AC:FD:1A:C1:37:\n                        67:00:35:A8:B8:10:F0:2F:1E:3A:65:12:F0:33:46:9B:\n                        BF:98:4E:3C:0F:78:2F:87:9D:7C:5A:86:C8:AF:A8:37:\n                        AE:CA:B7:3A:9F:36:DA:C8:28:F8:05:69:3E:5C:CC:AA:\n                        8B:CC:CF:8B:CE:04:5D:0E:5E:0B:7F:AA:0B:1E:59:12:\n                        0C:96:F1:A9:E3:B6:34:97:FF:4F:72:2C:5C:56:44:2A:\n                        21:1E:AE:CA:47:70:A9:E8:B2:65:3B:EE:F5:6C:7F:C5:\n                        04:57:E8:E2:FF:A6:03:95:B0:8E:A7:59:F8:63:3D:6B:\n                        B3:65:AB:2B:EB:98:67:14:07:ED:AA:EC:B9:AE:0A:32:\n                        82:A8:66:11:72:22:17:B3:2E:A9:60:B8:54:9F:17:DB:\n                        B7:0C:4B:67:19:86:CD:E8:DA:C2:B7:22:AA:D8:F8:D1:\n                        4D:CD:99:D9:24:0C:9F:A7:8B:20:FB:0B:BE:70:E5:37:\n                        E1:99:9C:26:0D:2A:47:B3:BE:80:9A:03:C4:2C:1A:52:\n                        92:2C:84:C1:DC:B2:6A:22:F9:DC:E8:CC:43:9B:83:FF\n            Extensions: \n                Identifier: Authority Key Identifier - 2.5.29.35\n                    Critical: no \n                    Key Identifier: \n                        A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:\n                        C4:00:E1:25\n                Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1\n                    Critical: no \n                    Access Description: \n                        Method #0: ocsp\n                        Location #0: URIName: http://pki.example.com:8080/ca/ocsp\n                Identifier: Key Usage: - 2.5.29.15\n                    Critical: yes \n                    Key Usage: \n                        Digital Signature \n                        Non Repudiation \n                        Key Encipherment \n                Identifier: Extended Key Usage: - 2.5.29.37\n                    Critical: no \n                    Extended Key Usage: \n                        clientAuth - 1.3.6.1.5.5.7.3.2\n                        emailProtection - 1.3.6.1.5.5.7.3.4\n        Signature: \n            Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11\n            Signature: \n                01:01:D9:79:88:6B:4D:81:68:7E:61:A5:3A:8A:F0:B3:\n                33:1D:9A:74:88:4F:00:E3:42:37:EE:F0:AD:52:87:98:\n                1E:24:E8:EB:62:8B:3B:3C:86:B7:B8:26:13:9D:E3:7F:\n                7B:F7:FF:B3:D7:D3:66:83:EB:13:27:10:2F:7A:C7:8E:\n                08:EE:42:B0:1A:91:0E:3C:C3:C2:B4:2C:A9:95:52:66:\n                95:73:04:BE:0C:2B:5C:80:7A:C1:33:DE:B9:61:5B:8F:\n                1B:0D:2F:C4:62:FE:02:12:43:7C:7E:3D:AD:B5:FF:D8:\n                B0:2A:71:43:24:03:F5:5C:DA:80:D0:CD:BF:44:B3:A8:\n                76:D1:F1:29:68:15:6F:E5:E8:40:6D:65:94:E8:43:A4:\n                04:B3:75:FF:5D:95:29:8D:9E:40:54:93:6D:D9:8F:2E:\n                71:87:CD:C6:97:EC:D9:A0:97:EB:BC:8D:5C:EE:CA:C7:\n                53:62:98:07:09:0E:ED:A2:77:C4:EC:D3:50:4C:74:2D:\n                F2:9E:B7:7C:10:DA:0C:C5:30:06:57:C8:0E:1D:CE:9A:\n                47:9F:02:87:D7:A6:F1:7B:63:55:FB:B3:2E:F0:7D:E4:\n                AA:49:76:0F:0D:C6:38:03:77:7E:AF:B6:37:A9:FC:AE:\n                A9:87:3D:FD:7C:FE:5F:38:53:BC:44:1F:8D:DF:E0:16:\n                26:63:07:6D:EE:D9:EB:75:02:11:83:E9:D9:90:22:15:\n                16:39:6F:8E:C8:3C:77:11:D0:7E:38:03:C5:A6:04:CA:\n                F9:57:5A:52:BE:FA:CF:31:05:5D:A6:42:1A:79:14:86:\n                C9:10:BA:38:3D:E3:DE:56:0A:CF:9E:40:B5:B3:9D:3C:\n                B7:66:EC:FE:B2:CC:79:8E:06:CB:37:8E:91:8C:17:0A:\n                95:5C:86:48:4B:6E:0B:AB:91:C2:EC:06:6E:D4:1C:A7:\n                B9:01:18:D7:87:B0:70:59:79:0E:5F:CD:47:65:B3:80:\n                7E:45:91:D9:58:FD:CE:4A:AA:5D:10:92:AA:F3:F8:21\n        FingerPrint\n            MD2:\n                08:B7:40:5F:0F:75:9B:7D:CE:6A:E6:02:04:0E:42:CE\n            MD5:\n                70:FA:86:85:09:4C:A7:AC:C2:7E:16:12:FE:1C:23:6F\n            SHA-1:\n                CC:01:B7:F5:26:13:47:D9:A5:2C:05:6B:E0:94:16:7E:\n                62:CD:AB:4D\n            SHA-256:\n                1A:00:A6:05:FB:14:33:B4:32:71:73:54:06:DA:52:BB:\n                C9:3E:BA:24:CA:C2:4D:B2:9B:7F:A5:F7:F8:55:C0:45\n            SHA-512:\n                D6:C2:13:5B:5C:06:15:90:E9:78:73:C7:0C:EE:70:19:\n                31:79:1F:AB:43:57:B7:97:C8:D7:00:CA:F3:4A:DD:1B:\n                03:BE:50:10:A8:F6:4A:A0:F3:2E:28:AD:7B:7C:1F:E5:\n                70:ED:22:8E:21:DD:D9:E0:8A:7E:4C:47:D3:56:C5:49\n",
  "Encoded" : "-----BEGIN CERTIFICATE-----\nMIIEATCCAmmgAwIBAgIRAKU8X44BurkwKVocVhNOIXMwDQYJKoZIhvcNAQELBQAwSDEQMA4GA1UE\r\nCgwHRVhBTVBMRTETMBEGA1UECwwKcGtpLXRvbWNhdDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0\r\naWZpY2F0ZTAeFw0yNDEwMzAwOTQwNDBaFw0yNTA0MjgwOTQwNDBaMBkxFzAVBgoJkiaJk/IsZAEB\r\nDAduZXdVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnk0Am3aRZevdPqLtDh4\r\nGkukZ89SrCBYqz/yWyIDdEnTHtJUdyJwbwgLkKz9GsE3ZwA1qLgQ8C8eOmUS8DNGm7+YTjwPeC+H\r\nnXxahsivqDeuyrc6nzbayCj4BWk+XMyqi8zPi84EXQ5eC3+qCx5ZEgyW8anjtjSX/09yLFxWRCoh\r\nHq7KR3Cp6LJlO+71bH/FBFfo4v+mA5WwjqdZ+GM9a7NlqyvrmGcUB+2q7LmuCjKCqGYRciIXsy6p\r\nYLhUnxfbtwxLZxmGzejawrciqtj40U3NmdkkDJ+niyD7C75w5TfhmZwmDSpHs76AmgPELBpSkiyE\r\nwdyyaiL53OjMQ5uD/wIDAQABo4GUMIGRMB8GA1UdIwQYMBaAFKd99i1O4mgUWWajjK3k83bEAOEl\r\nMD8GCCsGAQUFBwEBBDMwMTAvBggrBgEFBQcwAYYjaHR0cDovL3BraS5leGFtcGxlLmNvbTo4MDgw\r\nL2NhL29jc3AwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAN\r\nBgkqhkiG9w0BAQsFAAOCAYEAAQHZeYhrTYFofmGlOorwszMdmnSITwDjQjfu8K1Sh5geJOjrYos7\r\nPIa3uCYTneN/e/f/s9fTZoPrEycQL3rHjgjuQrAakQ48w8K0LKmVUmaVcwS+DCtcgHrBM965YVuP\r\nGw0vxGL+AhJDfH49rbX/2LAqcUMkA/Vc2oDQzb9Es6h20fEpaBVv5ehAbWWU6EOkBLN1/12VKY2e\r\nQFSTbdmPLnGHzcaX7Nmgl+u8jVzuysdTYpgHCQ7tonfE7NNQTHQt8p63fBDaDMUwBlfIDh3Omkef\r\nAofXpvF7Y1X7sy7wfeSqSXYPDcY4A3d+r7Y3qfyuqYc9/Xz+XzhTvEQfjd/gFiZjB23u2et1AhGD\r\n6dmQIhUWOW+OyDx3EdB+OAPFpgTK+VdaUr76zzEFXaZCGnkUhskQujg9495WCs+eQLWznTy3Zuz+\r\nssx5jgbLN46RjBcKlVyGSEtuC6uRwuwGbtQcp7kBGNeHsHBZeQ5fzUdls4B+RZHZWP3OSqpdEJKq\r\n8/gh\r\n-----END CERTIFICATE-----\n",
  "id" : "2;219636095195869852359558645775241978227;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE;UID=newUser"
}

/<app>/v2/admin/users/{userId}/certs/{certId}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/certs/2%3B219636095195869852359558645775241978227%3BCN%3DCA%20Signing%20Certificate%2COU%3Dpki-tomcat%2CO%3DEXAMPLE%3BUID%3DnewUser

/<app>/v2/admin/users/{id}/membership

GET

size, start, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "total" : 1,
  "entries" : [ {
    "id" : "Auditors",
    "userID" : "newUser"
  } ]
}

/<app>/v2/admin/users/{id}/membership

POST

None

201

ca, kra, ocsp, tks, tps

in application/x-www-form-urlencoded, out application/json

The group name to add the user

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --data 'Auditors' \
    https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership
{
  "id" : "Auditors",
  "userID" : "newUser"
}

/<app>/v2/admin/users/{userId}/membership/{groupId}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/admin/users/newUser/membership/Auditors

/<app>/v2/audit

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 5,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "enabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_SIGNING" : "enabled",
    "AUDIT_LOG_STARTUP" : "enabled",
    "AUTH" : "enabled",
    "AUTHORITY_CONFIG" : "enabled",
    "AUTHZ" : "enabled",
    "CERT_PROFILE_APPROVAL" : "enabled",
    "CERT_REQUEST_PROCESSED" : "enabled",
    "CERT_SIGNING_INFO" : "enabled",
    "CERT_STATUS_CHANGE_REQUEST" : "enabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "enabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "enabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "enabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "enabled",
    "CMC_RESPONSE_SENT" : "enabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "enabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "enabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "enabled",
    "CONFIG_AUTH" : "enabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "enabled",
    "CONFIG_CRL_PROFILE" : "enabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "enabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "enabled",
    "CONFIG_SERIAL_NUMBER" : "enabled",
    "CONFIG_SIGNED_AUDIT" : "enabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "enabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "enabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "enabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "enabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "enabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "enabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "enabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "enabled",
    "PROFILE_CERT_REQUEST" : "enabled",
    "PROOF_OF_POSSESSION" : "enabled",
    "RANDOM_GENERATION" : "enabled",
    "ROLE_ASSUME" : "enabled",
    "SCHEDULE_CRL_GENERATION" : "enabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "enabled",
    "SELFTESTS_EXECUTION" : "enabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "enabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "enabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit

PATCH

None

200

ca, kra, ocsp, tks, tps

application/json

A json with same format returned by GET operation. The list in Events has to match but avalues can be different

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json @audit.json -X PATCH \
    https://$HOSTNAME:8443/ca/v2/audit
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 100,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "disabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_STARTUP" : "disabled",
    "AUTH" : "disabled",
    "AUTHORITY_CONFIG" : "disabled",
    "AUTHZ" : "disabled",
    "CERT_PROFILE_APPROVAL" : "disabled",
    "CERT_REQUEST_PROCESSED" : "disabled",
    "CERT_SIGNING_INFO" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "disabled",
    "CMC_RESPONSE_SENT" : "disabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "disabled",
    "CONFIG_AUTH" : "disabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "disabled",
    "CONFIG_CRL_PROFILE" : "disabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "disabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "disabled",
    "CONFIG_SERIAL_NUMBER" : "disabled",
    "CONFIG_SIGNED_AUDIT" : "disabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "disabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "disabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "disabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "disabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "disabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "disabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "disabled",
    "PROFILE_CERT_REQUEST" : "disabled",
    "PROOF_OF_POSSESSION" : "disabled",
    "RANDOM_GENERATION" : "disabled",
    "ROLE_ASSUME" : "disabled",
    "SCHEDULE_CRL_GENERATION" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "disabled",
    "SELFTESTS_EXECUTION" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit

POST

action (enable/disable)

200

ca, kra, ocsp, tks, tps

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/audit?action=enable"
{
  "bufferSize" : 512,
  "Status" : "Enabled",
  "Signed" : false,
  "Interval" : 100,
  "Events" : {
    "ACCESS_SESSION_ESTABLISH" : "enabled",
    "ACCESS_SESSION_TERMINATED" : "disabled",
    "ASYMKEY_GENERATION_REQUEST" : "disabled",
    "ASYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "AUDIT_LOG_DELETE" : "disabled",
    "AUDIT_LOG_SHUTDOWN" : "disabled",
    "AUDIT_LOG_STARTUP" : "disabled",
    "AUTH" : "disabled",
    "AUTHORITY_CONFIG" : "disabled",
    "AUTHZ" : "disabled",
    "CERT_PROFILE_APPROVAL" : "disabled",
    "CERT_REQUEST_PROCESSED" : "disabled",
    "CERT_SIGNING_INFO" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "CERT_STATUS_CHANGE_REQUEST_PROCESSED" : "disabled",
    "CIMC_CERT_VERIFICATION" : "disabled",
    "CLIENT_ACCESS_SESSION_ESTABLISH" : "disabled",
    "CLIENT_ACCESS_SESSION_TERMINATED" : "disabled",
    "CMC_ID_POP_LINK_WITNESS" : "disabled",
    "CMC_PROOF_OF_IDENTIFICATION" : "disabled",
    "CMC_REQUEST_RECEIVED" : "disabled",
    "CMC_RESPONSE_SENT" : "disabled",
    "CMC_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "CMC_USER_SIGNED_REQUEST_SIG_VERIFY" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST" : "disabled",
    "COMPUTE_RANDOM_DATA_REQUEST_PROCESSED" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST" : "disabled",
    "COMPUTE_SESSION_KEY_REQUEST_PROCESSED" : "disabled",
    "CONFIG_ACL" : "disabled",
    "CONFIG_AUTH" : "disabled",
    "CONFIG_CERT_POLICY" : "disabled",
    "CONFIG_CERT_PROFILE" : "disabled",
    "CONFIG_CRL_PROFILE" : "disabled",
    "CONFIG_DRM" : "disabled",
    "CONFIG_ENCRYPTION" : "disabled",
    "CONFIG_OCSP_PROFILE" : "disabled",
    "CONFIG_ROLE" : "disabled",
    "CONFIG_SERIAL_NUMBER" : "disabled",
    "CONFIG_SIGNED_AUDIT" : "disabled",
    "CONFIG_TOKEN_AUTHENTICATOR" : "disabled",
    "CONFIG_TOKEN_CONNECTOR" : "disabled",
    "CONFIG_TOKEN_GENERAL" : "disabled",
    "CONFIG_TOKEN_MAPPING_RESOLVER" : "disabled",
    "CONFIG_TOKEN_PROFILE" : "disabled",
    "CONFIG_TOKEN_RECORD" : "disabled",
    "CONFIG_TRUSTED_PUBLIC_KEY" : "disabled",
    "CRL_RETRIEVAL" : "disabled",
    "CRL_SIGNING_INFO" : "disabled",
    "CRL_VALIDATION" : "disabled",
    "DELTA_CRL_GENERATION" : "disabled",
    "DELTA_CRL_PUBLISHING" : "disabled",
    "DIVERSIFY_KEY_REQUEST" : "disabled",
    "DIVERSIFY_KEY_REQUEST_PROCESSED" : "disabled",
    "ENCRYPT_DATA_REQUEST" : "disabled",
    "ENCRYPT_DATA_REQUEST_PROCESSED" : "disabled",
    "FULL_CRL_GENERATION" : "disabled",
    "FULL_CRL_PUBLISHING" : "disabled",
    "INTER_BOUNDARY" : "disabled",
    "KEY_GEN_ASYMMETRIC" : "disabled",
    "KEY_RECOVERY_AGENT_LOGIN" : "disabled",
    "KEY_RECOVERY_REQUEST" : "disabled",
    "KEY_STATUS_CHANGE" : "disabled",
    "LOG_PATH_CHANGE" : "disabled",
    "NON_PROFILE_CERT_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST" : "disabled",
    "OCSP_ADD_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_GENERATION" : "disabled",
    "OCSP_REMOVE_CA_REQUEST" : "disabled",
    "OCSP_REMOVE_CA_REQUEST_PROCESSED" : "disabled",
    "OCSP_SIGNING_INFO" : "disabled",
    "PROFILE_CERT_REQUEST" : "disabled",
    "PROOF_OF_POSSESSION" : "disabled",
    "RANDOM_GENERATION" : "disabled",
    "ROLE_ASSUME" : "disabled",
    "SCHEDULE_CRL_GENERATION" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST" : "disabled",
    "SECURITY_DATA_ARCHIVAL_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_EXPORT_KEY" : "disabled",
    "SECURITY_DATA_INFO" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_PROCESSED" : "disabled",
    "SECURITY_DATA_RECOVERY_REQUEST_STATE_CHANGE" : "disabled",
    "SECURITY_DOMAIN_UPDATE" : "disabled",
    "SELFTESTS_EXECUTION" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_ENROLL_KEY_RETRIEVAL_REQUEST_PROCESSED" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST" : "disabled",
    "SERVER_SIDE_KEYGEN_REQUEST_PROCESSED" : "disabled",
    "SYMKEY_GENERATION_REQUEST" : "disabled",
    "SYMKEY_GENERATION_REQUEST_PROCESSED" : "disabled",
    "TOKEN_APPLET_UPGRADE" : "disabled",
    "TOKEN_AUTH" : "disabled",
    "TOKEN_CERT_ENROLLMENT" : "disabled",
    "TOKEN_CERT_RENEWAL" : "disabled",
    "TOKEN_CERT_RETRIEVAL" : "disabled",
    "TOKEN_CERT_STATUS_CHANGE_REQUEST" : "disabled",
    "TOKEN_FORMAT" : "disabled",
    "TOKEN_KEY_CHANGEOVER" : "disabled",
    "TOKEN_KEY_CHANGEOVER_REQUIRED" : "disabled",
    "TOKEN_KEY_RECOVERY" : "disabled",
    "TOKEN_KEY_SANITY_CHECK" : "disabled",
    "TOKEN_OP_REQUEST" : "disabled",
    "TOKEN_PIN_RESET" : "disabled",
    "TOKEN_STATE_CHANGE" : "disabled"
  }
}

/<app>/v2/audit/files

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit/files
{
  "total" : 1,
  "entries" : [ {
    "name" : "ca_audit",
    "size" : 77606
  } ]
}

/<app>/v2/audit/files/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/octet-stream

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/audit/files/ca_audit
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] certificate signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A7:7D:F6:2D:4E:E2:68:14:59:66:A3:8C:AD:E4:F3:76:C4:00:E1:25] CRL signing info
0.main - [29/Oct/2024:11:09:28 UTC] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=AB:AF:55:C8:C0:97:C8:B6:AA:47:0D:D0:66:C6:15:E1:B1:EF:EF:77] OCSP signing info
0.main - [29/Oct/2024:11:09:29 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.https-jsse-jss-nio-8443-exec-1 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-2 - [29/Oct/2024:11:09:31 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-3 - [29/Oct/2024:11:09:32 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-4 - [29/Oct/2024:11:44:30 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-5 - [29/Oct/2024:11:45:53 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: UNEXPECTED_MESSAGE] access session establish failure
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success] access session establish success
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertReceived: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-8443-exec-6 - [29/Oct/2024:11:46:37 UTC] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=172.18.0.3][ServerIP=172.18.0.3][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated

/<app>/v2/config/features

GET

None

200

ca

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/config/features
[{"id":"authority","description":"Lightweight CAs","version":"1.0","enabled":true}]

/<app>/v2/config/features/{id}

GET

None

200

ca

application/json

Example
$ curl --cacert ./ca_signing.crt https://$HOSTNAME:8443/ca/v2/config/features/authority
{
  "id" : "authority",
  "description" : "Lightweight CAs",
  "version" : "1.0",
  "enabled" : true
}

/<app>/v2/jobs

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs
{
  "entries" : [ {
    "id" : "certRenewalNotifier",
    "enabled" : false,
    "cron" : "0 3 * * 1-5",
    "pluginName" : "RenewalNotificationJob",
    "parameters" : { }
  }, {
    "id" : "pruning",
    "enabled" : false,
    "pluginName" : "PruningJob",
    "parameters" : { }
  }, {
    "id" : "publishCerts",
    "enabled" : false,
    "cron" : "0 0 * * 2",
    "pluginName" : "PublishCertsJob",
    "parameters" : { }
  }, {
    "id" : "requestInQueueNotifier",
    "enabled" : false,
    "cron" : "0 0 * * 0",
    "pluginName" : "RequestInQueueJob",
    "parameters" : { }
  }, {
    "id" : "serialNumberUpdate",
    "enabled" : false,
    "pluginName" : "SerialNumberUpdateJob",
    "parameters" : { }
  }, {
    "id" : "unpublishExpiredCerts",
    "enabled" : false,
    "cron" : "0 0 * * 6",
    "pluginName" : "UnpublishExpiredJob",
    "parameters" : { }
  } ]
}

/<app>/v2/jobs/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate
{
  "id" : "serialNumberUpdate",
  "enabled" : false,
  "pluginName" : "SerialNumberUpdateJob",
  "parameters" : { }
}

/<app>/v2/jobs/{id}/start

POST

None

200

ca, kra, ocsp, tks, tps

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/jobs/serialNumberUpdate/start

/<app>/v2/securityDomain/domainInfo

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/domainInfo
{
  "subsystemArray" : [ {
    "hosts" : {
      "CA pki.example.com 8443" : {
        "id" : "CA pki.example.com 8443",
        "Hostname" : "pki.example.com",
        "Port" : "8080",
        "SecurePort" : "8443",
        "SecureEEClientAuthPort" : "8443",
        "SecureAgentPort" : "8443",
        "SecureAdminPort" : "8443",
        "Clone" : "FALSE",
        "SubsystemName" : "CA pki.example.com 8443",
        "DomainManager" : "TRUE"
      }
    },
    "hostArray" : [ {
      "id" : "CA pki.example.com 8443",
      "Hostname" : "pki.example.com",
      "Port" : "8080",
      "SecurePort" : "8443",
      "SecureEEClientAuthPort" : "8443",
      "SecureAgentPort" : "8443",
      "SecureAdminPort" : "8443",
      "Clone" : "FALSE",
      "SubsystemName" : "CA pki.example.com 8443",
      "DomainManager" : "TRUE"
    } ],
    "id" : "CA"
  } ],
  "id" : "EXAMPLE",
  "subsystems" : {
    "CA" : {
      "hosts" : {
        "CA pki.example.com 8443" : {
          "id" : "CA pki.example.com 8443",
          "Hostname" : "pki.example.com",
          "Port" : "8080",
          "SecurePort" : "8443",
          "SecureEEClientAuthPort" : "8443",
          "SecureAgentPort" : "8443",
          "SecureAdminPort" : "8443",
          "Clone" : "FALSE",
          "SubsystemName" : "CA pki.example.com 8443",
          "DomainManager" : "TRUE"
        }
      },
      "hostArray" : [ {
        "id" : "CA pki.example.com 8443",
        "Hostname" : "pki.example.com",
        "Port" : "8080",
        "SecurePort" : "8443",
        "SecureEEClientAuthPort" : "8443",
        "SecureAgentPort" : "8443",
        "SecureAdminPort" : "8443",
        "Clone" : "FALSE",
        "SubsystemName" : "CA pki.example.com 8443",
        "DomainManager" : "TRUE"
      } ],
      "id" : "CA"
    }
  }
}

/<app>/v2/securityDomain/hosts

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/hosts
[{"id":"CA pki.example.com 8443","Hostname":"pki.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"FALSE","SubsystemName":"CA pki.example.com 8443","DomainManager":"TRUE"}]

/<app>/v2/securityDomain/hosts

PUT

None

204

ca, kra, ocsp, tks, tps

application/json

Security domain host json with Hostname, Port, SecurePort, SecureEEClientAuthPort, SecureAgentPort, SecureAdminPort, Clone, SubsystemName and DomainManager

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    --json '{"id":"CA pki2.example.com 8443","Hostname":"pki2.example.com","Port":"8080","SecurePort":"8443","SecureEEClientAuthPort":"8443","SecureAgentPort":"8443","SecureAdminPort":"8443","Clone":"TRUE","SubsystemName":"CA pki2.example.com 8443","DomainManager":"FALSE"}' \
    -X PUT https://$HOSTNAME:8443/ca/v2/securityDomain/hosts

/<app>/v2/securityDomain/hosts/{ID}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt \
    https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443
{
  "id" : "CA pki.example.com 8443",
  "Hostname" : "pki.example.com",
  "Port" : "8080",
  "SecurePort" : "8443",
  "SecureEEClientAuthPort" : "8443",
  "SecureAgentPort" : "8443",
  "SecureAdminPort" : "8443",
  "Clone" : "FALSE",
  "SubsystemName" : "CA pki.example.com 8443",
  "DomainManager" : "TRUE"
}

/<app>/v2/securityDomain/hosts/{ID}

DELETE

None

204

ca, kra, ocsp, tks, tps

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X DELETE https://$HOSTNAME:8443/ca/v2/securityDomain/hosts/CA%20pki.example.com%208443

/<app>/v2/securityDomain/installToken

GET

hostname, subsystem

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/securityDomain/installToken?hostname=pki.example.com&subsystem=CA"
{
  "token" : "4984326538499940852"
}

/<app>/v2/selftests

GET

start, size, filter

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    "https://$HOSTNAME:8443/ca/v2/selftests?start=2"
{
  "total" : 3,
  "entries" : [ {
    "id" : "SystemCertsVerification",
    "enabledAtStartup" : true,
    "criticalAtStartup" : true,
    "enabledOnDemand" : true,
    "criticalOnDemand" : true
  } ]
}

/<app>/v2/selftests

POST

action (run)

204

ca, kra, ocsp, tks, tps

No output

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST "https://$HOSTNAME:8443/ca/v2/selftests?action=run"

/<app>/v2/selftests/{id}

GET

None

200

ca, kra, ocsp, tks, tps

application/json

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    https://$HOSTNAME:8443/ca/v2/selftests/CAValidity
{
  "id" : "CAValidity",
  "enabledAtStartup" : false,
  "enabledOnDemand" : true,
  "criticalOnDemand" : true
}

/<app>/v2/selftests/run

POST

None

200

ca, kra, ocsp, tks, tps

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/selftests/run
{
  "entries" : [ {
    "id" : "CAPresence",
    "status" : "PASSED"
  }, {
    "id" : "SystemCertsVerification",
    "status" : "PASSED"
  }, {
    "id" : "CAValidity",
    "status" : "PASSED"
  } ]
}

/<app>/v2/selftests/{id}/run

POST

None

200

ca, kra, ocsp, tks, tps

application/json

No input expected

Example
$ curl --cacert ./ca_signing.crt -b session_cookie \
    -X POST https://$HOSTNAME:8443/ca/v2/selftests/CAPresence/run
{
  "id" : "CAPresence",
  "status" : "PASSED"
}
Note
endpoints requiring authentication can be accessed providing the session cookie retrieved in the login api (/<app>/v2/account/login) or the user credentials (user/password or certificates).
Clone this wiki locally